az bastion ssh fails when missing read permissions on vm nic without throwing meaningful error #27595

Description

@cveld

Describe the bug

Whenever I try to access a virtual machine through az bastion ssh, it fails when I don't have read access to the nic without throwing a meaningful error:

Exception in thread Thread-1 (_start_tunnel):
Traceback (most recent call last):
  File "threading.py", line 1016, in _bootstrap_inner
  File "threading.py", line 953, in run
  File "C:\Users\CarlintVeld\.azadmin\cliextensions\bastion\azext_bastion\custom.py", line 335, in _start_tunnel     
    tunnel_server.start_server()
  File "C:\Users\CarlintVeld\.azadmin\cliextensions\bastion\azext_bastion\tunnel.py", line 194, in start_server      
    self._listen()
  File "C:\Users\CarlintVeld\.azadmin\cliextensions\bastion\azext_bastion\tunnel.py", line 123, in _listen
    auth_token = self._get_auth_token()
  File "C:\Users\CarlintVeld\.azadmin\cliextensions\bastion\azext_bastion\tunnel.py", line 112, in _get_auth_token   
    self.last_token = response_json["authToken"]
KeyError: 'authToken'

Related command

az bastion ssh

Errors

See above.

Issue script & Debug output

N/A

Expected behavior

It should pass through the error that is given back from the REST API, e.g.

(AuthorizationFailed) The client 'admin@suppressed' with object id 'suppressed' does not have authorization to perform action 'Microsoft.Network/networkInterfaces/read' over scope '/subscriptions/suppressed/resourceGroups/rg-myresourcegroup/providers/Microsoft.Network/networkInterfaces/nic-mynic' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed

Environment Summary

{
  "azure-cli": "2.52.0",
  "azure-cli-core": "2.52.0",
  "azure-cli-telemetry": "1.1.0",
  "extensions": {
    "bastion": "0.2.5",
    "resource-graph": "2.1.0",
    "ssh": "2.0.1"
  }
}

Additional context

No response
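The traceback above ends in `response_json["authToken"]` raising `KeyError`, which hides the service's own error. The sketch below is an added example, not the azext_bastion code: it shows one way to validate a token response and surface the error instead. The names `extract_auth_token`, `TokenRequestError` and `describe` are hypothetical, and the ARM-style `{"error": {"code", "message"}}` body is an assumption about what the endpoint returns on failure.

```python
import json


class TokenRequestError(Exception):
    """The token response did not contain a usable authToken."""


def extract_auth_token(status_code, body_text):
    """Return the authToken, or raise TokenRequestError carrying the service's error."""
    try:
        payload = json.loads(body_text)
    except (TypeError, ValueError):
        payload = None
    if not isinstance(payload, dict):
        raise TokenRequestError(
            f"Token request failed (HTTP {status_code}): response was not a JSON object")

    token = payload.get("authToken")
    if status_code == 200 and isinstance(token, str) and token:
        return token

    # Assumption: errors use the ARM envelope {"error": {"code", "message"}}.
    err = payload.get("error")
    if isinstance(err, dict) and err.get("code"):
        code = err["code"]
        raise TokenRequestError(f"({code}) {err.get('message', '')}\nCode: {code}")

    # Unknown shape: name the keys only, never the values, so a token or
    # other secret in the body cannot end up in a terminal or log.
    raise TokenRequestError(
        f"Token request failed (HTTP {status_code}): no 'authToken' in response; "
        f"keys present: {sorted(payload)}")


# Constructed sample bodies (not captured from a real service).
SAMPLE_DENIED = json.dumps({"error": {
    "code": "AuthorizationFailed",
    "message": "The client 'admin@suppressed' does not have authorization to "
               "perform action 'Microsoft.Network/networkInterfaces/read'."}})
SAMPLE_OK = json.dumps({"authToken": "constructed-token-value"})


def describe(status_code, body_text):
    """Return what a CLI would print: 'ok' or the error text."""
    try:
        extract_auth_token(status_code, body_text)
        return "ok"
    except TokenRequestError as exc:
        return str(exc)


if __name__ == "__main__":
    print(describe(403, SAMPLE_DENIED))
```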

Labels: Auto-Resolve, Network - Bastion, Service Attention, act-quality-productivity-squad, customer-reported, question
